none
Client certificate: Could not establish secure channel for SSL/TLS with authority RRS feed

  • Question

  • Sorry for asking this question, but I couldn't find any answer for this case.

    I developed a client application that talks to an external SOAP api using WCF. To authenticate, the application uses a client certificate. (The client certificate as been installed on the api server). When I test on my local machine everything works fine.

    The problems occurs when I deploy the application on IIS. The apps cannot communicate with the SOAP api anymore. This is the error:

    "Could not establish secure channel for SSL/TLS with authority".

    I installed the certificate in Personnal store of both Current User and Local Computer location. When I try to hit the SOAP api with the browser it works (get on wsdl file which also need the client certificate).

    Note: the certificate is not self signed. It was created by an authorized CA.

    Thanks for the help

    Wednesday, March 29, 2017 5:19 PM

Answers

  • >>I changed the Identity of the application pool of IIS to LocalSystem and restarted the app. Do you know why that fixed the problem?

    I am glad your issue has been resolved.

    In general, this error is caused by that we did not install the certificate or application could not access the certificate. For your scenario, application pool is in a low permission and it does not have enough permission to access the certificate. In other words, LocalSystem Identity have enough permission.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, March 31, 2017 2:34 AM
    Moderator

All replies

  • >>When I test on my local machine everything works fine. The problems occurs when I deploy the application on IIS

    Where is the IIS which you used to deploy? Is it your local IIS or in a different computer?

    >>When I try to hit the SOAP api with the browser it works (get on wsdl file which also need the client certificate).

    Do you mean you get certificate warning in browser? If so, it seems the service certificate is not trusted by client, and I would suggest you install this service certificate from browser “Certificate errors”.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, March 30, 2017 2:32 AM
    Moderator
  • Hi Edward,

    1 - I deployed on a difference computer in the cloud running Windows server 2012 and IIS 8.5

    2 - No the browser request works fine. I fetch the wsdl no problem so yes the certificate is trusted. My issue is when the application calls the SOAP api. 

    Do you have any idea of what can be the problem?

    Thursday, March 30, 2017 1:14 PM
  • I changed the Identity of the application pool of IIS to LocalSystem and restarted the app. Do you know why that fixed the problem?

    thanks

    Thursday, March 30, 2017 6:08 PM
  • >>I changed the Identity of the application pool of IIS to LocalSystem and restarted the app. Do you know why that fixed the problem?

    I am glad your issue has been resolved.

    In general, this error is caused by that we did not install the certificate or application could not access the certificate. For your scenario, application pool is in a low permission and it does not have enough permission to access the certificate. In other words, LocalSystem Identity have enough permission.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, March 31, 2017 2:34 AM
    Moderator